Ejemplo n.º 1
0
function checkCookies($uname, $cookiehash)
{
    $ha = getCookies($uname);
    if ($ha == $cookiehash) {
        return true;
    }
    return false;
}
Ejemplo n.º 2
0
<?php

require_once '../init.php';
require_once '../pager.php';
require_once getCacheFilePath('folders.php');
require_once './../../' . ADMIN_DIR . '/language/language.php';
if (!isAdmin()) {
    exit($_AL['all.notlogin']);
}
$curPage = intval($_GET["page"]);
$folderid = intval($_GET["folderid"]);
if ($folderid > 0) {
    setCookies("lastfolderid", $folderid);
} else {
    $folderid = intval(getCookies("lastfolderid"));
}
//preview
setCookies("lastfoldertype", 2);
$pagerlink = "files.php?page={page}&folderid={$folderid}";
$condition = "folderid={$folderid}";
$orderstr = "id desc";
$pager = new Pager();
$pager->init(10, $curPage, $pagerlink);
$attachements = $pager->queryRows($db, "attachments", $condition, "*", $orderstr);
foreach ($attachements as $key => $att) {
    $att['shortfilename'] = htmlFilter(cutStr($att['filename'], 12));
    $att['filename'] = htmlFilter($att['filename']);
    $att['uploadtime'] = getDateStr($att['uploadtime']);
    $attachements[$key] = $att;
}
$folderrow = $cache_folders[$folderid];
Ejemplo n.º 3
0
$timer_begin = getmicrotime();
$db = new db();
$db->connect($_DB);
$webcore = new WebCore();
//管理员登录信息
$lg['userid'] = intval(rSESSION('userid'));
$lg['isadmin'] = intval(rSESSION('isadmin'));
//会员登录信息
$lg['memberid'] = intval(rSESSION('memberid'));
$lg['groupid'] = intval(rSESSION('groupid'));
$lg['isadmin'] = intval(rSESSION('isadmin'));
$lg['membername'] = strFilter(rSESSION('membername'));
$lg['displayname'] = htmlFilter(rSESSION('membername'));
$lg['memberpass'] = strFilter(rSESSION('memberpass'));
$lg['memberauth'] = strFilter(rSESSION('memberauth'));
$lg['expire'] = intval(getCookies('expire'));
$islogin = isLogin();
if (empty($lg['membername']) || empty($lg['memberpass'])) {
    $lg['memberid'] = 0;
    $lg['groupid'] = 0;
} elseif (md5($lg['membername'] . $lg['memberpass'] . $cache_global['salt']) != $lg['memberauth']) {
    //echo md5($lg['membername'].$lg['memberpass'].$cache_global['salt']);exit;
    $lg['memberid'] = 0;
    $lg['groupid'] = 0;
    $lg['membername'] = '';
    $lg['memberpass'] = '';
}
//var_dump($lg);exit;
if ($lg['memberid'] == 0 || $lg['groupid'] == 0) {
    $lg['groupid'] = GROUP_GUESS;
    //自动登录
Ejemplo n.º 4
0
     }
     succeedFlag($proid);
     break;
 case "changePronum":
     $proid = intval($_GET["proid"]);
     $pronum = intval($_GET["pronum"]);
     $cartid = intval(getCookies("cartid"));
     if (!empty($cartid)) {
         $odt['pronum'] = $pronum;
         $db->row_update("orderdetails", $odt, "proid={$proid} and cartid={$cartid} and langid={$_SYS['langid']}");
     }
     succeedFlag($proid);
     break;
 case "saveorder":
     try {
         $cartid = intval(getCookies("cartid"));
         if (!empty($cartid)) {
             $odts = $db->row_select("orderdetails", "cartid={$cartid} and langid={$_SYS['langid']}");
             if (empty($odts)) {
                 exit($_SLANG['ajaxpublic.nopro']);
             }
             $ordertotal = 0;
             foreach ($odts as $okey => $odt) {
                 $ordertotal += $odt['price'] * $odt['pronum'];
             }
             $order['memberid'] = $lg['memberid'];
             $order['ordernum'] = GenOrderNum($lg, $cartid);
             $order['name'] = cutStr(strFilter($_POST['name']), 30);
             $order['phonenum'] = cutStr(strFilter($_POST['phonenum']), 30);
             $order['email'] = cutStr(strFilter($_POST['email']), 30);
             $order['address'] = cutStr(strFilter($_POST['address']), 100);
    }
    geoip_close($gi);
    if ($data['statusCode'] == 'OK') {
        $countryCode = $data['countryCode'];
        setcookie("geoipCountry", $data['countryCode'], $cookiesTime);
        setcookie("geoip", $ip, $cookiesTime);
        // echo $data['countryCode'];
        if (in_array($data['countryCode'], $blockedCounntries)) {
            if (!whilteListIp($ip)) {
                header('Location: ' . DEFAULT_URL . '/visitor.php');
            }
        }
    }
} else {
    if (in_array(getCookies('geoipCountry'), $blockedCounntries)) {
        if (!whilteListIp(getCookies('geoip'))) {
            header('Location: ' . DEFAULT_URL . '/visitor.php');
        }
    }
}
function whilteListIp($ipAddress)
{
    $query = mysql_query("SELECT id  FROM `whitelist_ips` WHERE trim(`ip_address`) =  '{$ipAddress}'");
    if (mysql_num_rows($query) <= 0) {
        return false;
    }
    return true;
}
function getCookies($key)
{
    return !empty($_COOKIE[$key]) ? $_COOKIE[$key] : null;
Ejemplo n.º 6
0
<?php

require_once 'inc/init.php';
$action = $_GET['action'];
switch ($action) {
    case "buy":
        $action = "buy";
        break;
    default:
        $action = "view";
}
$cartid = getCookies("cartid");
if (!empty($cartid)) {
    $odts = $db->row_select("orderdetails", "cartid={$cartid} and langid={$_SYS['langid']}");
    foreach ($odts as $okey => $odt) {
        $odt['proname'] = htmlFilter($odt['proname']);
        $odt['displayprice'] = number_format($odt['price'], 2);
        $odt['itemtotal'] = number_format($odt['price'] * $odt['pronum'], 2);
        $ordertotal += $odt['price'] * $odt['pronum'];
        $odt['prourl'] = "../product.php?id={$odt['proid']}";
        $protmppic = $webcore->getPics($odt['picid'], $odt['picpath'], 0, true, true);
        $odt['picpath'] = $protmppic['picpath'];
        $odts[$okey] = $odt;
    }
}
require_once './header.php';
require_once getTemplatePath('cart.htm');
footer();
Ejemplo n.º 7
0
 }
 if (!empty($voteitemid)) {
     if (isIntArray($voteitemid) && count($voteitemid) <= $voterow['maxvotes']) {
         //合法
     } else {
         $votetips = _LANG($_SLANG['vote.max2'], array($voterow['maxvotes']));
     }
     $rows = $db->row_select("voteitems", "voteid={$voteid}");
     if ($voterow['level'] > 0) {
         foreach ($rows as $row) {
             if (stristr(",{$row['voteips']},", "," . getIP() . ",")) {
                 $votetips = $_SLANG['vote.voted'];
             }
         }
     }
     if ($voterow['level'] == 2 && intval(getCookies("vote{$voteid}")) == 1) {
         $votetips = $_SLANG['vote.voted'];
     }
     //成功投票
     if (empty($votetips)) {
         foreach ($rows as $row) {
             if (in_array($row['id'], $voteitemid)) {
                 $tip = getIP();
                 $db->query_unbuffered("update `{$db->pre}voteitems` set votednum=votednum+1, voteips=" . $db->concat("voteips", "'{$tip}'") . " where id={$row['id']}");
             }
         }
         //写cookies
         if ($voterow['level'] == 2) {
             setCookies("vote{$voteid}", '1');
         }
         $totalrow = $db->row_query_one("SELECT SUM(votednum) as total FROM `{$db->pre}voteitems` WHERE voteid={$voteid} LIMIT 1");
Ejemplo n.º 8
0
function controller_login_index()
{
    if (empty($_COOKIE['log']) && empty($_COOKIE['pa'])) {
        view_login();
    } else {
        getCookies();
    }
}
Ejemplo n.º 9
0
}
$file_size_limit = 20480;
$file_num_limit = 99999;
$file_types = '*';
$file_newnum = 20;
$today_uploaded = 1;
$enter = intval($_GET["enter"]);
$folderid = intval($_GET["folderid"]);
if (isset($_GET["folderid"])) {
    setCookies("lastfolderid", $folderid);
} else {
    $folderid = intval(getCookies("lastfolderid"));
}
$folderid = $folderid == 0 ? 1 : $folderid;
//list
$lastfoldertype = intval(getCookies("lastfoldertype"));
if ($enter == 0 && $lastfoldertype == 2) {
    header("location:files.php?folderid={$folderid}");
    exit;
}
setCookies("lastfoldertype", 1);
$types = explode(",", $file_types);
$file_types = "";
foreach ($types as $ext) {
    if (!empty($ext)) {
        $file_types .= "*.{$ext};";
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
Ejemplo n.º 10
0
     if ($uselangid == $setlangid && $hide == 1) {
         printRes("{$_AL['lang.ajax.off.failed']}<script>setTimeout(function(){reloadSelf('admin.php?inc=lang&action=list');},2000);</script>");
     }
     $langobj['ishidden'] = $hide;
     $db->row_update("langs", $langobj, "id={$setlangid}");
     writeLangsCache();
     printRes("{$_AL['lang.ajax.set.succeed']}<script>reloadTop('admin.php?inc=lang&action=list');</script>");
     //succeedFlag();
     break;
 case "dellang":
     $setlangid = intval($_GET['setlangid']);
     $row = $db->row_select_one("langs", "isdefault=1");
     if ($row['id'] == $setlangid) {
         exit($_AL['lang.ajax.deldef.failed']);
     }
     $uselangid = intval(getCookies('alangid'));
     if ($uselangid == $setlangid) {
         exit($_AL['lang.ajax.off.failed']);
     }
     $db->row_delete("langs", "id={$setlangid}");
     $db->row_delete("favs", "langid={$setlangid}");
     $db->row_delete("orderdetails", "langid={$setlangid}");
     $db->row_delete("orders", "langid={$setlangid}");
     $db->row_delete("articles", "langid={$setlangid}");
     $db->row_delete("channels", "langid={$setlangid}");
     $db->row_delete("contact", "langid={$setlangid}");
     $db->row_delete("links", "langid={$setlangid}");
     $db->row_delete("msgs", "langid={$setlangid}");
     $db->row_delete("procates", "langid={$setlangid}");
     $db->row_delete("products", "langid={$setlangid}");
     $db->row_delete("settings", "langid={$setlangid}");
Ejemplo n.º 11
0
}
if (!isset($_POST["email"])) {
    add_return_data(0, 5, "E-mail required");
}
$email = $_POST["email"];
if (!$email) {
    add_return_data(0, 5, "E-mail required");
}
if (isset($_POST["contact"])) {
    $contact = $_POST['contact'];
}
if (isset($_POST["role"]) && $_POST["role"]) {
    $role = $_POST['role'];
}
$user = new User($uname);
if ($user->getuser()) {
    add_return_data(0, 2, "User already exists");
}
$data = array("uname" => $uname, "password" => $password, "gender" => $gender, "fname" => $fname, "email" => $email, "contact" => $contact, "role" => $role);
$useId = $user->insert($data);
$cookies = array("uid" => $useId, "hash" => getCookies($useId));
$returndata["cookies"] = $cookies;
if ($useId) {
    $picId = uploadPic("profilePic", $useId, "userFace");
    if ($picId) {
        if ($user->updateProfileImage($useId, $picId)) {
            add_return_data(1, 1, "User successfully created");
        }
    }
    add_return_data(1, 2, "User successfully created but picture cannot be added.");
}
Ejemplo n.º 12
0
<?php

$base = "../../";
require_once $base . "users.php";
$returndata = array();
//uname, password
if (!isset($_POST['uname']) || !isset($_POST['password'])) {
    add_return_data(0, 2, "Both Username and Password need to be posted.");
} else {
    $uname = $_POST['uname'];
    $password = $_POST['password'];
    $user = new User($uname);
    if (!$user->checklogin($uname, $password)) {
        //Username password incorrect send that json.
        add_return_data(0, 3, "Incorrect username or password");
    } else {
        //Username and password is correct send json to say username password correct and send cookies
        $userdata = $user->get_user_data();
        $returndata["user"] = $userdata;
        $cookies = array("uid" => $user->get_userid(), "hash" => getCookies($user->get_userid()));
        $returndata["cookies"] = $cookies;
        add_return_data(1, 1, "Logged In!");
    }
}